API token issues in cluster

Hi all!
I have an issue when using a token for authenticating to the REST API. I try to get information from /api/cluster and follow the documentation on Graylog REST API - Configuring Graylog

This command works just fine and I get information about all nodes in the cluster.
I’ve also tried getting a session token for the same user and use the session token for authentication. It works just fine. The command returns information about all servers in the cluster.
curl -u adminuser:p4ssw0rd ''

But when creating a token (for the same “adminuser”) in the web UI and then trying the same command, I only get status information from the master server:

curl -u 9fav[...]h148:token ''
  "c317593f-[...]-b0b5b57da06b" : {
    "facility" : "graylog-server",
    "codename" : "Noir",
    "node_id" : "c317593f-[...]-b0b5b57da06b",
    "cluster_id" : "cac50c4a-[...]-8f8d64d831dd",
    "version" : "4.1.10+9bc6267",
    "started_at" : "2022-02-01T15:30:28.670Z",
    "hostname" : "ulm-graylog-master",
    "lifecycle" : "running",
    "lb_status" : "alive",
    "timezone" : "Etc/UTC",
    "operating_system" : "Linux 3.10.0-1160.49.1.el7.x86_64",
    "is_processing" : true
  "ff94b945-[...]-2aca679115f5" : null,
  "101c03c9-[...]-9026c41bb5d2" : null

We use Graylog 4.1.10 but I’ve seen the same problem in Graylog 3.3.16. Graylog is installed in a K8S cluster running on RedHat 7.9, using stock docker images (graylog/graylog:4.1.10).

Isn’t the token supposed to work properly in cluster setups? Why don’t the REST API return information about the other servers when using a session token?

All the best, John

Hello && Welcome

I might be able to help, unfortunately I don’t have a cluster. I did try out the token In the Web UI and I tested the command to create one.

curl -i -X POST -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'X-Requested-By: cli' '' -d '{"username":"GM", "password":"superpower", "host":""}'

I was just curious if you have tried the second option for testing purposes. Not sure why the token would only allow you to see one node in the cluster. The only thing I can think of is access from that user or perhaps a bug.

Something else I ran into was using the node ID in the API something like this below. I was curious if you can use that token to access any specific Node/s in your cluster.

curl http://graylog.domain:9000/api/cluster/{node_id}/jvm

If you believe this is a bug perhaps posting it here.

Hi gsmith,
Thank you for answering!

I’ve tested generating a session token and then I see all nodes. It’s just the “permanent” token created in web UI that doesn’t work.

Also tested to access one specific node (not the master one that seems to work) and when using the token I get a HTTP 401 in return (the username/password and session token works OK).

Thought it would be great if someone could confirm these issues before posting a bug report, but maybe I should just go for a report at once.

Thank you!

Yeah, that doesn’t sound right. I would definitely post on GitHub. If a temp token works and a permanent one doesn’t work, to me something if wrong with this.

Thank you!
I’ve posted a bug report at Problems with REST API tokens in cluster · Issue #12190 · Graylog2/graylog2-server · GitHub

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.